鉴于此C#代码片段如何在SQL查询中使用C#变量?我知道这样做的最好方法是使用“参数”,我看了很多例子,但到目前为止我还不能“把它放在一起”。
...
using MySql.Data.MySqlClient;
public partial class Form1 : Form
{
private string server;
private string database;
private string uid;
private string password;
private MySqlConnection connection;
public Form1()
{
InitializeComponent();
}
private void Form1_Load(object sender, EventArgs e)
{
webBrowser1.Navigate("127.0.0.1/box3.php");
server = "localhost";
database = "realestate_db";
uid = "root";
password = "";
string connectionString;
connectionString = "SERVER=" + server + ";" + "DATABASE=" + database + ";" + "UID=" + uid + ";" + "PASSWORD=" + password + ";";
connection = new MySqlConnection(connectionString);
connection.Open();
MySqlDataAdapter mySqlDataAdapter;
mySqlDataAdapter = new MySqlDataAdapter("SELECT `ID`, `lat` , `long` FROM `house` ", connection); // want to uses a C# variable in this SQL query
DataSet DS = new DataSet();
mySqlDataAdapter.Fill(DS);
dataGridView1.DataSource = DS.Tables[0];
}
....
Thanks.
答案 0 :(得分:1)
这是一个非常常见问题的重复,我正在使用代码副本并粘贴另一篇文章描述,链接在这里Creating and then working with parameters in queries。您可以在dataadapter Select命令或add方法上使用addWithValue方法。
da = new MySqlDataAdapter("SELECT `ID`, `lat` , `long` FROM `house` where `ID` = ?ID", connection);
// As most are suggesting Create the parameters with the Add Method, Passing the MySqlDbType
da.SelectCommand.Parameters.Add("?ID",MySqlDbType.Int32).Value = ID;
// Can also Use AddWithValue Method as well
da.SelectCommand.Parameters.AddWithValue("?ID",<Your Variable>);
答案 1 :(得分:0)
public static MySqlDataAdapter CreateCustomerAdapter(MySqlConnection conn)
{
MySqlDataAdapter da = new MySqlDataAdapter();
MySqlCommand cmd;
MySqlParameter parm;
// Create the SelectCommand.
cmd = new MySqlCommand("SELECT * FROM mytable WHERE id=?id AND name=?name", conn);
cmd.Parameters.Add("?id", MySqlDbType.VarChar, 15);
cmd.Parameters.Add("?name", MySqlDbType.VarChar, 15);
da.SelectCommand = cmd;
// Create the InsertCommand.
cmd = new MySqlCommand("INSERT INTO mytable (id,name) VALUES (?id,?name)", conn);
cmd.Parameters.Add("?id", MySqlDbType.VarChar, 15, "id" );
cmd.Parameters.Add("?name", MySqlDbType.VarChar, 15, "name" );
da.InsertCommand = cmd;
return da;
}
答案 2 :(得分:0)
首先,将您的所有数据访问抽象给它自己的类或程序集:
public class DAL
{
private string server = "localhost";
private string database = "realestate_db";
private string uid = "root";
private string password = "";
private string connectionString = "SERVER=" + server + ";" + "DATABASE=" + database + ";" + "UID=" + uid + ";" + "PASSWORD=" + password + ";";
public DataSet GetHouse(int ID)
{
//...
}
}
然后您现有的代码将调用此方法:
public DataSet GetHouse(int ID)
{
string sql = "SELECT `ID`, `lat` , `long` FROM `house` WHERE ID= ?ID ";
DataSet result = new DataSet();
using (var cn = new MySqlConnection(connectionString) )
using (var cmd = new MySqlCommand(sql, cn) )
using (var da = new MySqlDataAdapter(cmd) )
{
cmd.Parameters.Add("?ID", MySqlDbType.Int32).Value = ID;
da.Fill(result);
}
return result;
}